UPDATE: Please click here for the latest version of our Australian cyber security organisations chart in which we outline the existing array of Commonwealth organisations and programs related to cyber security. The chart has been updated to include the changes implemented and proposed under Australia's Cyber Security Strategy.
On 21 April 2016, the Australian Federal Government launched a new $230 million Cyber Security Strategy (the Strategy) aimed at combatting the increasing number of online threats and assaults. The Strategy replaces the 2009 Cyber Security Strategy and provides a four year program which draws on greater defence capabilities, private sector involvement, global coordination, growth and innovation and public awareness to improve Australia's cyber safety.
In this article we summarise those five pillars of the Strategy and highlight some planned initiatives. Click here for our more detailed alert.
1. Private Sector Involvement
The Strategy stresses the importance of the private sector in strengthening Australia's cyber security and projects that:
• $47 million are to be spent on the development of Joint Cyber Threat Centres in key capital cities to build online portals for businesses to share cyber security information;
• the private sector will be asked to consult with the Government and research community to devise national voluntary cyber security guidelines;
• business will also be able to undergo "health checks" to compare their information security defences against similar organisations; and
• the Prime Minister will lead an annual security meeting with business leaders to drive the Strategy's implementation.
2. Strengthening Defences: More Funding And Personnel
The 2016 Defence White Paper recognised the importance of bolstering Australia's cyber and intelligence capabilities, committing $400 million over the next decade to the cyber security sector.
The Strategy adds to this by:
• promising additional funding to the Australian Federal Police and the Australian Crime Commission for threat detection, technical analysis and forensic assessment;
• promising more cyber security experts to those bodies and other Government agencies; and
• projecting enhancement of Australia's cyber offensive capability to help improve defensive capabilities.
3. Global Leadership In Tackling Online Attacks
Recognising the global nature of the threat of cyber attacks, the Government seeks to "champion an open, free and secure internet". Government organisations and centres of excellence will work with allied nations to devise strategies for pre-empting the moves of cyber criminals (known as "cyber raiders"). This will include developing ways of shutting down overseas "safe havens" where cyber raiders congregate to launch raids.
4. Driving Growth And Innovation
The Australian Government plans to establish academic centres of excellence at universities to boost the numbers and quality of cyber security workers in Australia. They are also seeking to promote careers in cyber security at all levels of education, and diversify the workforce, particularly by boosting female participation.
The centres of excellence will complement the $30 million national cyber security growth centre announced by the Australian Prime Minister in December 2015, acting as a centre of research and development.
5. Creating A Cyber-smart Nation
A public social media campaign will be launched to strengthen the cyber safety of Australians, from households to major businesses. Individuals will be alerted to dangers of common online threats, such as opening foreign emails, clicking on untested websites, and failing to guard against malware. Business will be aided by the proposed national guidelines to improve their cyber hygiene, threat detection, monitoring of administrative privileges to avoid unauthorised disclosure and testing malware precautions.
Around the world, cyber security threats are on the rise and legislators, policy-makers and businesses are increasingly proposing and implementing measures to combat those threats. Against this backdrop, the Strategy and planned initiatives appear to be timely and appropriate. The ultimate success of the Strategy depends on whether there is effective implementation. We will provide further updates as details emerge.
Contributor: Patrick Fair, Anne-Marie Allgrove, Paul Forbes and Adrian Lawrence